DOCSLIB.ORG

S1ql Cheatsheet for Security Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
S1ql Cheatsheet for Security Analysis S1QL CHEATSHEET FOR SECURITY ANALYSIS QUERY SUBJECT SYNTAX QUERY SUBJECT SYNTAX HOST/AGENT INFO PROCESS TREE Hostname AgentName Process ID PID OS AgentOS PID of the parent process ParentPID Version of agent AgentVersion Parent process ParentProcessName Domain name DNSRequest Time parent process started to run ParentProcessStartTime Site token SiteId Unique ID of parent process ParentProcessUniqueKey Site name SiteName Process command line ProcessCmd Display name of process ProcessDisplayName FILE/REGISTRY INTEGRITY Generated ID of the group of processes, from first parent ProcessGroupId File ID FileID to last generation (SentinelOne Patent) File name FileFullName Pathname of running process ProcessImagePath Date and time of file creation FileCreatedAt SHA1 signature of running process ProcessImageSha1Hash MD5 FileMD5 String: SYSTEM (operating system processes), HIGH ProcessIntegrityLevel (administrators), MEDIUM (non-administrators), LOW Date and time of file change FileModifyAt (temporary Internet files), UNTRUSTED SHA1 signature FileSHA1 Process Name ProcessName SHA256 signature FileSHA256 ID of the terminal session of a process ProcessSessionId SHA1 of file before it was changed OldFileSHA1 Process start time ProcessStartTime Name of file before rename OldFileName String: SYS_WIN32, SYS_WSL, SUBSYSTEM_UNKNOWN ProcessSubSystem Identity of file signer Signer Unique ID of process ProcessUniqueKey Registry key unique ID RegistryID PID after relinked Rpid Full path location of the Registry Key entry RegistryPath Thread ID Tid ID of all objects associated with a detection TrueContext NETWORK DATA Username User String: GET, POST, PUT, DELETE NetworkMethod URL NetworkUrl SCHEDULED TASKS DNS response data DNSResponse Name of a scheduled task TaskName IP address of the destination DstIP Full path location of a scheduled task TaskPath Port number of destination DstPort IP address of traffic source SrcIP Port number of traffic source SrcPort www.SentinelOne.com | [email protected] | +1-855-868-3733 | 605 Fairchild Dr, Mountain View, CA 94043 S1QL CHEATSHEET FOR SECURITY ANALYSIS QUERY SUBJECT SYNTAX QUERY SUBJECT SYNTAX HOST/AGENT INFO PROCESS TREE Hostname AgentName Process ID PID OS AgentOS PID of the parent process ParentPID Version of agent AgentVersion Parent process ParentProcessName Domain name DNSRequest Time parent process started to run ParentProcessStartTime Site token SiteId Unique ID of parent process ParentProcessUniqueKey Site name SiteName Process command line ProcessCmd Display name of process ProcessDisplayName FILE/REGISTRY INTEGRITY Generated ID of the group of processes, from first parent ProcessGroupId File ID FileID to last generation (SentinelOne Patent) File name FileFullName Pathname of running process ProcessImagePath Date and time of file creation FileCreatedAt SHA1 signature of running process ProcessImageSha1Hash MD5 FileMD5 String: SYSTEM (operating system processes), HIGH ProcessIntegrityLevel (administrators), MEDIUM (non-administrators), LOW Date and time of file change FileModifyAt (temporary Internet files), UNTRUSTED SHA1 signature FileSHA1 Process Name ProcessName SHA256 signature FileSHA256 ID of the terminal session of a process ProcessSessionId SHA1 of file before it was changed OldFileSHA1 Process start time ProcessStartTime Name of file before rename OldFileName String: SYS_WIN32, SYS_WSL, SUBSYSTEM_UNKNOWN ProcessSubSystem Identity of file signer Signer Unique ID of process ProcessUniqueKey Registry key unique ID RegistryID PID after relinked Rpid Full path location of the Registry Key entry RegistryPath Thread ID Tid ID of all objects associated with a detection TrueContext NETWORK DATA Username User String: GET, POST, PUT, DELETE NetworkMethod URL NetworkUrl SCHEDULED TASKS DNS response data DNSResponse Name of a scheduled task TaskName IP address of the destination DstIP Full path location of a scheduled task TaskPath Port number of destination DstPort IP address of traffic source SrcIP Port number of traffic source SrcPort www.SentinelOne.com | [email protected] | +1-855-868-3733 | 605 Fairchild Dr, Mountain View, CA 94043 WATCHLIST NAME QUERY WATCHLIST NAME QUERY WATCHLIST NAME QUERY ProcessCmd RegExp “net\s+user(?:(?!\s+/add) Windows 10 Get WMIC Group List Net User Add User ProcessCmd RegExp “wmic group list” (?:.|\n))*\s+/add” Network Adaptor ProcessCmd RegExp “wmic nic” on Local System Details processCmd = “REG ADD HKLM\SYSTEM\ WMIC List built in ProcessCmd RegExp “wmic sysaccount list” Enable SMBv1 CurrentControlSet\Services\LanmanServer\ Execute File in processCmd RegExp “/FILE” AND ProcessCmd System Accounts Parameters /v SMB1 /t REG_DWORD /d 1 /f” Appdata folder RegExp “Appdata” Reg Query - last 10 ProcessCmd RegExp “RecentDocs” AND Unusual Schedule ProcessCmd RegExp “schtasks” AND Nslookup ProcessCmd RegExp “nslookup” files accessed or ProcessCmd RegExp “REG QUERY” AND Task Created processName != “Manages scheduled tasks” executed by explorer ProcessCmd RegExp “explorer” ProcessCmd RegExp “net\s+user(?:(?!\s+/ Powershell with Net DstIP Is Not Empty AND ProcessName Net User Delete User ProcessCmd RegExp “Runonce” AND delete)(?:.|\n))*\s+/delete” Reg Query - RunOnce connections RegExp “powershell” ProcessCmd RegExp “REG QUERY” ProcessCmd RegExp “net\s+user(?:(?!\s+/ Net User Domain ( ProcessName RegExp “windows command domain)(?:.|\n))*\s+/domain” Reg Query - Check ProcessCmd RegExp “Reg Query” AND Shell Process processor” OR ProcessName RegExp Patterns for Virtual ProcessCmd RegExp “Disk” AND ProcessCmd Creating File “powershell” ) AND FileModifyAt > Add user to AD ProcessCmd Contains “dsadd user” Machines RegExp “Enum” “Mar 26, 2017 00:00:39” Query Group Policy Powershell add ProcessCmd RegExp “powershell.exe New- ProcessCmd RegExp “gpresult” ( ProcessName RegExp “windows command local user LocalUser” RSOP Data processor” OR ProcessName RegExp Shell Process Modify “powershell” ) AND ( FileModifyAt > Powershell upload or ProcessCmd RegExp “(New-Object Net. System Info - windows ProcessCmd RegExp “systeminfo” or File “Mar 26, 2017 00:00:10” OR FileCreatedAt > download methods Webclient)” ProcessCmd RegExp “systeminfo” “Mar 26, 2017 00:00:31” ) ProcessCmd RegExp “setspn” AND OR ProcessCmd RegExp “ver >” OR Suspicious - List all ProcessCmd RegExp “-t” AND ProcessCmd System Info and ProcessCmd RegExp “type\s+%APPDATA%” Registry Alteration ProcessCmd RegExp “reg\s+add” OR SPNs in a Domain via Command line ProcessCmd RegExp “reg\s+del” RegExp “-q */*” Network data OR ProcessCmd RegExp “ipconfig” OR gathering ProcessCmd RegExp “net\s+view” OR ProcessCmd RegExp “vssadmin.exe list processImagePath = “C:\Windows\System32\ list vssadmin shadows ProcessCmd RegExp “arp -a” OR ProcessCmd svchost.exe” AND User != “NT AUTHORITY\ shadows” svchost.exe running in RegExp “netstat” SYSTEM” AND User != “NT AUTHORITY\LOCAL a unusual user context Add user or Query ProcessCmd RegExp “net localgroup SERVICE” AND User != “NT AUTHORITY\ WMIC Process local admin group administrators” NETWORK SERVICE” Get - Process data ProcessCmd RegExp “wmic\s+process\s+get” Change firewall profile and sub commands Powershell runnning ProcessName RegExp “powershell” AND User ProcessCmd RegExp “netsh advfirewall” settings WMIC qfe - Gather as system user RegExp “SYSTEM” ProcessCmd RegExp “wmic qfe” Clear Windows Event Windows Patch Data ParentProcessName = “Windows PowerShell” ProcessCmd RegExp “wevtutil cl system” OR Powershell Scheduled Logs Powershell or AND ProcessName = “Task Scheduler ProcessCmd RegExp “Clear-EventLog” ProcessName RegExp “powershell” AND Tasks Created Wevtutil Configuration Tool” (ProcessCmd RegExp “Invoke-Expression” OR ProcessCmd RegExp “netsh firewall” AND Powershell suspicious ProcessCmd RegExp “-encodedcommand” OR FileCreatedAt > “Apr 2, 2017 00:00:03” AND Netsh disable firewall Executable Created ProcessCmd RegExp “disable” commands ProcessCmd RegExp “hidden” OR ProcessCmd ProcessName RegExp “.exe” RegExp “write-host” OR ProcessCmd RegExp ProcessName RegExp “Host Process for Query logged in Users ProcessCmd RegExp “quser” “Get-NetIPConfiguration”) Windows Services” AND ParentProcessName Suspicious Parent Qwinsta - Display != “Host Process for Windows Services” echo command ProcessCmd RegExp “echo” Process svchost.exe information Terminal ProcessCmd RegExp “qwinsta” AND ParentProcessName != “Services and Sessions regsvr32 and scrobj.dll ProcessCmd RegExp “regsvr32” AND Controller app” register-unregister dll ProcessCmd RegExp “scrobj.dll” Current Running ProcessCmd RegExp “tasklist” ParentProcessName = “Insert Vulnerable Processes regsvr32 suspicious processName = “Microsoft(C) Register Server” Application name from Applications Tab” AND Vulnerable App downloads AND DstIP Is Not Empty ( ProcessName RegExp “Windows Command Net User - Query launching shell ProcessCmd RegExp “net user” Processor” OR ProcessName RegExp a User regsvr32 suspicious processName = “Microsoft(C) Register Server” “Powershell” ) file modification AND FileModifyAt > “Mar 1, 2019 00:00:45” Query Network Shares ProcessCmd RegExp “net share” ParentProcessName RegExp “excel” AND ProcessCmd RegExp “regsvr32” AND Excel Running Shell (ProcessName RegExp “sh” OR ProcessName Query Account & (RegistryPath Contains “machine\software\ or Python ProcessCmd RegExp “net accounts” regsvr32 Persistence RegExp “python”) Password Policy classes” OR ProcessCmd RegExp “schtasks\ s+/create”) Whoami ProcessCmd RegExp “whoami” Net Config - Query Workstation Current ProcessCmd RegExp “net config workstation” ProcessCmd RegExp “bitsadmin”
Load more

Recommended publications
  • Attacker Antics Illustrations of Ingenuity
    ATTACKER ANTICS ILLUSTRATIONS OF INGENUITY Bart Inglot and Vincent Wong FIRST CONFERENCE 2018 2 Bart Inglot ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Rock Climber ◆ Globetrotter ▶ From Poland but live in Singapore ▶ Spent 1 year in Brazil and 8 years in the UK ▶ Learning French… poor effort! ◆ Twitter: @bartinglot ©2018 FireEye | Private & Confidential 3 Vincent Wong ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Baby Sitter ◆ 3 years in Singapore ◆ Grew up in Australia ©2018 FireEye | Private & Confidential 4 Disclosure Statement “ Case studies and examples are drawn from our experiences and activities working for a variety of customers, and do not represent our work for any one customer or set of customers. In many cases, facts have been changed to obscure the identity of our customers and individuals associated with our customers. ” ©2018 FireEye | Private & Confidential 5 Today’s Tales 1. AV Server Gone Bad 2. Stealing Secrets From An Air-Gapped Network 3. A Backdoor That Uses DNS for C2 4. Hidden Comment That Can Haunt You 5. A Little Known Persistence Technique 6. Securing Corporate Email is Tricky 7. Hiding in Plain Sight 8. Rewriting Import Table 9. Dastardly Diabolical Evil (aka DDE) ©2018 FireEye | Private & Confidential 6 AV SERVER GONE BAD Cobalt Strike, PowerShell & McAfee ePO (1/9) 7 AV Server Gone Bad – Background ◆ Attackers used Cobalt Strike (along with other malware) ◆ Easily recognisable IOCs when recorded by Windows Event Logs ▶ Random service name – also seen with Metasploit ▶ Base64-encoded script, “%COMSPEC%” and “powershell.exe” ▶ Decoding the script yields additional PowerShell script with a base64-encoded GZIP stream that in turn contained a base64-encoded Cobalt Strike “Beacon” payload.
    [Show full text]
  • Transaction Insight Reference Manual Contents  I Admin - Filters - Partner Filter
    TIBCO Foresight® Transaction Insight® Reference Manual Software Release 5.2 September 2017 Two-second advantage® Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN LICENSE.PDF) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO and Two-Second Advantage, TIBCO Foresight EDISIM, TIBCO Foresight Instream, TIBCO Foresight Studio, and TIBCO Foresight Transaction Insight are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.
    [Show full text]
  • Powershell Integration with Vmware View 5.0
    PowerShell Integration with VMware® View™ 5.0 TECHNICAL WHITE PAPER PowerShell Integration with VMware View 5.0 Table of Contents Introduction . 3 VMware View. 3 Windows PowerShell . 3 Architecture . 4 Cmdlet dll. 4 Communication with Broker . 4 VMware View PowerCLI Integration . 5 VMware View PowerCLI Prerequisites . 5 Using VMware View PowerCLI . 5 VMware View PowerCLI cmdlets . 6 vSphere PowerCLI Integration . 7 Examples of VMware View PowerCLI and VMware vSphere PowerCLI Integration . 7 Passing VMs from Get-VM to VMware View PowerCLI cmdlets . 7 Registering a vCenter Server . .. 7 Using Other VMware vSphere Objects . 7 Advanced Usage . 7 Integrating VMware View PowerCLI into Your Own Scripts . 8 Scheduling PowerShell Scripts . 8 Workflow with VMware View PowerCLI and VMware vSphere PowerCLI . 9 Sample Scripts . 10 Add or Remove Datastores in Automatic Pools . 10 Add or Remove Virtual Machines . 11 Inventory Path Manipulation . 15 Poll Pool Usage . 16 Basic Troubleshooting . 18 About the Authors . 18 TECHNICAL WHITE PAPER / 2 PowerShell Integration with VMware View 5.0 Introduction VMware View VMware® View™ is a best-in-class enterprise desktop virtualization platform. VMware View separates the personal desktop environment from the physical system by moving desktops to a datacenter, where users can access them using a client-server computing model. VMware View delivers a rich set of features required for any enterprise deployment by providing a robust platform for hosting virtual desktops from VMware vSphere™. Windows PowerShell Windows PowerShell is Microsoft’s command line shell and scripting language. PowerShell is built on the Microsoft .NET Framework and helps in system administration. By providing full access to COM (Component Object Model) and WMI (Windows Management Instrumentation), PowerShell enables administrators to perform administrative tasks on both local and remote Windows systems.
    [Show full text]
  • Run-Commands-Windows-10.Pdf
    Run Commands Windows 10 by Bettertechtips.com Command Action Command Action documents Open Documents Folder devicepairingwizard Device Pairing Wizard videos Open Videos Folder msdt Diagnostics Troubleshooting Wizard downloads Open Downloads Folder tabcal Digitizer Calibration Tool favorites Open Favorites Folder dxdiag DirectX Diagnostic Tool recent Open Recent Folder cleanmgr Disk Cleanup pictures Open Pictures Folder dfrgui Optimie Drive devicepairingwizard Add a new Device diskmgmt.msc Disk Management winver About Windows dialog dpiscaling Display Setting hdwwiz Add Hardware Wizard dccw Display Color Calibration netplwiz User Accounts verifier Driver Verifier Manager azman.msc Authorization Manager utilman Ease of Access Center sdclt Backup and Restore rekeywiz Encryption File System Wizard fsquirt fsquirt eventvwr.msc Event Viewer calc Calculator fxscover Fax Cover Page Editor certmgr.msc Certificates sigverif File Signature Verification systempropertiesperformance Performance Options joy.cpl Game Controllers printui Printer User Interface iexpress IExpress Wizard charmap Character Map iexplore Internet Explorer cttune ClearType text Tuner inetcpl.cpl Internet Properties colorcpl Color Management iscsicpl iSCSI Initiator Configuration Tool cmd Command Prompt lpksetup Language Pack Installer comexp.msc Component Services gpedit.msc Local Group Policy Editor compmgmt.msc Computer Management secpol.msc Local Security Policy: displayswitch Connect to a Projector lusrmgr.msc Local Users and Groups control Control Panel magnify Magnifier
    [Show full text]
  • Powerview Command Reference
    PowerView Command Reference TRACE32 Online Help TRACE32 Directory TRACE32 Index TRACE32 Documents ...................................................................................................................... PowerView User Interface ............................................................................................................ PowerView Command Reference .............................................................................................1 History ...................................................................................................................................... 12 ABORT ...................................................................................................................................... 13 ABORT Abort driver program 13 AREA ........................................................................................................................................ 14 AREA Message windows 14 AREA.CLEAR Clear area 15 AREA.CLOSE Close output file 15 AREA.Create Create or modify message area 16 AREA.Delete Delete message area 17 AREA.List Display a detailed list off all message areas 18 AREA.OPEN Open output file 20 AREA.PIPE Redirect area to stdout 21 AREA.RESet Reset areas 21 AREA.SAVE Save AREA window contents to file 21 AREA.Select Select area 22 AREA.STDERR Redirect area to stderr 23 AREA.STDOUT Redirect area to stdout 23 AREA.view Display message area in AREA window 24 AutoSTOre ..............................................................................................................................
    [Show full text]
  • Blue Coat SGOS Command Line Interface Reference, Version 4.2.3
    Blue Coat® Systems ProxySG™ Command Line Interface Reference Version SGOS 4.2.3 Blue Coat ProxySG Command Line Interface Reference Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html [email protected] http://www.bluecoat.com For concerns or feedback about the documentation: [email protected] Copyright© 1999-2006 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. ProxySG™, ProxyAV™, CacheOS™, SGOS™, Spyware Interceptor™, Scope™, RA Connector™, RA Manager™, Remote Access™ are trademarks of Blue Coat Systems, Inc. and CacheFlow®, Blue Coat®, Accelerating The Internet®, WinProxy®, AccessNow®, Ositis®, Powering Internet Management®, The Ultimate Internet Sharing Solution®, Permeo®, Permeo Technologies, Inc.®, and the Permeo logo are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners. BLUE COAT SYSTEMS, INC. DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT SYSTEMS, INC., ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC.
    [Show full text]
  • View the Slides (Smith)
    Network Shells Michael Smith Image: https://commons.wikimedia.org/wiki/File:Network-connections.png What does a Shell give us? ● A REPL ● Repeatability ● Direct access to system operations ● User-focused design ● Hierarchical context & sense of place Image: https://upload.wikimedia.org/wikipedia/commons/8/84/Bash_demo.png What does a Shell give us? ● A REPL ● Repeatability ● Direct access to system operations ● User-focused design ● Hierarchical context & sense of place Image: https://upload.wikimedia.org/wikipedia/commons/8/84/Bash_demo.png Management at a distance (netsh) Netsh: Configure DHCP servers with netsh -r RemoteMachine -u domain\username [RemoteMachine] netsh>interface [RemoteMachine] netsh interface>ipv6 [RemoteMachine] netsh interface ipv6>show interfaces Reference: https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-contexts Management at a distance (netsh) Netsh: Configure DHCP servers with netsh Location-r RemoteMachine -u domain\username Hierarchical [RemoteMachine] netsh>interfacecontext Simpler [RemoteMachine] netsh interface>ipv6 commands [RemoteMachine] netsh interface ipv6>show interfaces Reference: https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-contexts Management at a distance (WSMan) WSMan (in Powershell): Manage Windows remotely with Set-Location -Path WSMan:\SERVER01 Get-ChildItem -Path . Set-Item Client\TrustedHosts *.domain2.com -Concatenate Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.wsman.management/about/about_wsman_provider
    [Show full text]
  • Your Guide to Installing and Using Coastal Explorer EXPLORING COASTAL EXPLORER Version 4
    EXPLORING COASTAL EXPLORER Your guide to installing and using Coastal Explorer EXPLORING COASTAL EXPLORER Version 4 Your guide to installing and using Coastal Explorer Copyright © 2017 Rose Point Navigation Systems. All rights reserved. Rose Point Navigation Systems, Coastal Explorer, and Coastal Explorer Network are trademarks of Rose Point Navigation Systems. The names of any other companies and/or products mentioned herein may be the trademarks of their respective owners. WARNINGS: Use Coastal Explorer at your own risk. Be sure to carefully read and understand the user's manual and practice operation prior to actual use. Coastal Explorer depends on information from the Global Position System (GPS) and digital charts, both of which may contain errors. Navigators should be aware that GPS- derived positions are often of higher accuracy than the positions of charted data. Rose Point Navigation Systems does not warrant the accuracy of any information presented by Coastal Explorer. Coastal Explorer is intended to be used as a supplementary aid to navigation and must not be considered a replacement for official government charts, notices to mariners, tide and current tables, and/or other reference materials. The captain of a vessel is ultimately responsible for its safe navigation and the prudent mariner does not rely on any single source of information. The information in this manual is subject to change without notice. Rose Point Navigation Systems 18005 NE 68th Street Suite A100 Redmond, WA 98052 Phone: 425-605-0985 Fax: 425-605-1285 e-mail: [email protected] www.rosepoint.com Welcome to Coastal Explorer Thank you for choosing Coastal Explorer! If you are new to navigation software, but use a computer for anything else, you will find that Coastal Explorer works just like many other Windows applications: you create documents, edit them, save them, print them, etc.
    [Show full text]
  • Netsh Commands William John Holden 2014­04­11 (Version 2) Interface Configuration Configure an Ipv4 Address with Subnet Mask and Default Gateway
    Netsh Commands William John Holden 2014­04­11 (version 2) Interface Configuration Configure an IPv4 address with subnet mask and default gateway. Omitted netmask implies classful addressing. netsh int ipv4 set address "Local Area Connection" static 192.168.1.3 255.255.255.0 192.168.1.1 Remove an IPv4 address and default gateway from an interface. netsh int ipv4 del address "Local Area Connection" 192.168.1.3 192.168.1.1 You can add more than one IP address to an interface. Additional addresses don't show up in ipconfig without /all. netsh int ipv4 add address "Local Area Connection" 192.168.1.4 Add a global unicast IP with prefix. Prefix is optional and defaults to /64. netsh int ipv6 set address "Local Area Connection" 2001:beef::1/64 Add a link­local IP to an interface. See the similarity to above? netsh int ipv6 add address "Local Area Connection" fe80::6 Delete the IP. Remove a link­local IP the same way. netsh int ipv6 del address "Local Area Connection" 2001:beef::1 Set an IPv6 default route. netsh int ipv6 add route ::/0 "Local Area Connection" fe80::3 Delete the default route. netsh int ipv6 delete route ::/0 "Local Area Connection" fe80::3 Reset Configuration Reset interface configuration completely (requires restart): netsh int ipv6 reset all netsh int ipv4 reset all shutdown ­r ­t 0 Verification (“show commands”) netsh has several commands that are very similar to ipconfig, route print (netstat ­r), netstat ­a, and getmac. Poke around netsh int ipv4 show ? and you’ll find lots of interesting stuff.
    [Show full text]
  • How to Cheat at Windows System Administration Using Command Line Scripts
    www.dbebooks.com - Free Books & magazines 405_Script_FM.qxd 9/5/06 11:37 AM Page i How to Cheat at Windows System Administration Using Command Line Scripts Pawan K. Bhardwaj 405_Script_FM.qxd 9/5/06 11:37 AM Page ii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or produc- tion (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
    [Show full text]
  • Invalid Class String Error
    Tib4231 July, 2001 TECHNICAL INFORMATION BULLETIN Invalid Class String Error KODAK DC215, KODAK DC240, KODAK DC280, DC3400, and DC5000 Zoom Digital Cameras An Invalid Class String error may occur when you try to launch the camera software for the first time, or the Mounter or Camera Properties software may not operate properly.This error is caused when the program RegSvr32.exe is not located in the C:\Windows\System folder, preventing the DLL files from being registered. Use this document to help you properly locate the RegSvr32.exe program in your system, and if necessary, manually register the DLL files. The instructions in this document assume that you are familiar with copying and moving files in your computer, and installing software. Relocating RegSvr32.exe 1. Go to Start > Find > Files and Folders and search for regsvr32*.* Note the location of the program. 2. In WINDOWS Explorer or My Computer, copy RegSvr32.exe to the C:\Windows\System folder if it is not already there. When the file is in place, go on to Step 3. 3. Uninstall the KODAK software using the KODAK Uninstall application, or go to Start > Settings > Control Panel > Add / Remove Programs. 4. Close all background programs except Explorer and Systray by pressing Ctrl Alt Del, selecting each program one at a time, and clicking End Task after each. 5. Install the KODAK camera software. 6. Start the KODAK Camera Mounter and Camera Properties software for your camera. If the Invalid Class String error appears, manually register the DLL file using the procedure that follows for your camera.
    [Show full text]
  • VNC User Guide 7 About This Guide
    VNC® User Guide Version 5.3 December 2015 Trademarks RealVNC, VNC and RFB are trademarks of RealVNC Limited and are protected by trademark registrations and/or pending trademark applications in the European Union, United States of America and other jursidictions. Other trademarks are the property of their respective owners. Protected by UK patent 2481870; US patent 8760366 Copyright Copyright © RealVNC Limited, 2002-2015. All rights reserved. No part of this documentation may be reproduced in any form or by any means or be used to make any derivative work (including translation, transformation or adaptation) without explicit written consent of RealVNC. Confidentiality All information contained in this document is provided in commercial confidence for the sole purpose of use by an authorized user in conjunction with RealVNC products. The pages of this document shall not be copied, published, or disclosed wholly or in part to any party without RealVNC’s prior permission in writing, and shall be held in safe custody. These obligations shall not apply to information which is published or becomes known legitimately from some source other than RealVNC. Contact RealVNC Limited Betjeman House 104 Hills Road Cambridge CB2 1LQ United Kingdom www.realvnc.com Contents About This Guide 7 Chapter 1: Introduction 9 Principles of VNC remote control 10 Getting two computers ready to use 11 Connectivity and feature matrix 13 What to read next 17 Chapter 2: Getting Connected 19 Step 1: Ensure VNC Server is running on the host computer 20 Step 2: Start VNC
    [Show full text]